The issue of ‘on-the-job crime’ (crimes committed by
corporate employees or stakeholders such as clients or suppliers) is a highly
sensitive issue that is usually left outside of the scope of a comprehensive
business analysis. Which is not a good idea at all.
Why? Because these crimes have a significant and obviously
very negative impact on corporate profits, cash flows and financial value.
The most recent edition of The Association of Certified Fraud Examiners (ACFE) “Report to the
Nations on Occupational Fraud and Abuse,” issued in 2012, states that the
median loss of each instance of employee fraud in their study was $140,000. More than one-fifth of these
cases caused losses of at least $1
million. Even in a large, multi-billion dollar organization, that amount is
significant.
In addition to purely financial losses, there is usually
another negative impact, potentially even more serious, resulting from both
internal and external awareness of repeated instances of fraud. Internally,
this can lead to low morale and a “me-too, as everyone else is doing it”
mindset. Which results in escalating fraud, theft and, therefore, in higher and
higher financial losses. Externally, it can significantly damage an
organization’s brand and reputation.
Even in a generally well-run company, fraud still takes
place. According to the abovementioned 2012 ACFE report, an average
organization loses 5% of its revenues
to fraud — a staggering sum.
Unfortunately, few companies take the problem of on-the-job
fraud seriously enough. Some simply ignore this issue, pretending that these
crimes only happen elsewhere. Others rely solely on ethical policies (code of
conduct), employee background checks and seemingly well-designed corporate
financial and operational controls.
However, these safeguards (which must be an integral part of
every corporate risk management and loss optimization system), is usually not
enough. The reality is that people are fallible and there is always going to be
at least one bad apple. Policies and codes of conduct will be ignored, and
controls are never perfectly effective.
Therefore, you will simply have to include on-the-job crime
investigation (activities that look specifically for on-the-job crime) into
your CBA project. Which, obviously, requires bringing to the CBA team outside
professionals highly competent and experienced in such investigations (usually
they have some law enforcement background).
Where to look? Within the company, on-the-job crime tends to
concentrate in the procurement, payment and expense areas. Externally, a going
threat is an online crime (which can be external as well) – theft of money and
valuable information, identity theft and so one. Investigating for these will
obviously require services of experts in online crime investigation.
Top five areas of employee theft (according to John Verver -
vice president at ACL, an audit and risk management technology solutions firm):
1.
Purchase-to-Pay.
Potential fraud risks include (a) an employee initiating purchase orders (P.O.)
for goods and services that are diverted for personal use and (b) an employee
setting up a ‘phantom’ vendor account, through which fraudulent invoices are
processed and payments are made to the employee.
2.
Corporate
Credit Cards. A common fraud risk occurs when an employee uses a corporate
credit card for personal gain instead of legitimate corporate purchases or
travel and entertainment expenses.
3.
Payroll.
Payroll fraud can consist of (a) ‘phantom’ employees being set up on payroll
systems; (b) excessive overtime payments; and (c) employees remaining on the
payroll after death or termination.
4.
Sales and
receivables. Most common thefts include (a) employee collusion with vendors
and (b) sales representatives inflating sales to achieve higher commissions and
bonuses.
5.
Information
systems and critical data. This kind of fraud includes (a) internal or
external theft of money from corporate bank accounts using computer software
and online tools; (b) employee theft of critical data and (c) employees
providing corporate data to external individuals – competitors, hackers, etc. -
or criminal organizations.